Skip to content

chore: change form boundary length to 50 characters#55616

Open
keyurgovrani wants to merge 1 commit intofacebook:mainfrom
keyurgovrani:patch-1
Open

chore: change form boundary length to 50 characters#55616
keyurgovrani wants to merge 1 commit intofacebook:mainfrom
keyurgovrani:patch-1

Conversation

@keyurgovrani
Copy link

Reduced the boundary length for multipart form generation from 70 to 50.

Summary:

This change reduces the automatically generated multipart form-data boundary length from 70 characters to 50 characters in RCTNetworking.mm.

The motivation for this change is to prevent request failures caused by backend constraints on the Content-Type header length.

The Content-Type header is formatted as:

multipart/form-data; boundary=<BOUNDARY_VALUE>

Our backend enforces a maximum header length limit of 90 characters. With a 70-character boundary, the total Content-Type header length exceeded this limit (crossing 100 characters), leading to request rejection.

By reducing the boundary length to 50 characters, the total header length now remains within the allowed limit while preserving correct multipart behavior.

Changelog:

[GENERAL] [FIXED] - Reduced multipart form-data boundary length to prevent oversized Content-Type header failures

Test Plan:

  • Verified multipart/form-data requests succeed against backend with 90-character Content-Type header limit.
  • Confirmed total header length is now within allowed constraints.
  • Tested file uploads to ensure multipart request body integrity remains intact.
  • No regressions observed in upload functionality.

reduced the boundary length for form generation from 70 to 50.
@meta-cla
Copy link

meta-cla bot commented Feb 19, 2026

Hi @keyurgovrani!

Thank you for your pull request and welcome to our community.

Action Required

In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.

If you have received this in error or have any questions, please contact us at cla@meta.com. Thanks!

@meta-cla meta-cla bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Feb 19, 2026
@meta-cla
Copy link

meta-cla bot commented Feb 19, 2026

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks!

@facebook-github-bot facebook-github-bot added the Shared with Meta Applied via automation to indicate that an Issue or Pull Request has been shared with the team. label Feb 19, 2026
Copy link
Contributor

@cipolleschi cipolleschi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't really approve this request: you are about to change the limit for EVERY React native application because of your specific server:

Our backend enforces a maximum header length limit of 90 characters.

This is not acceptable. A reasonable fix would be to make this configurable from the app, leaving the base value of 70 chars. You will be then able to customize React Native for your specific use case, without changing it for all the users.

@nil1511
Copy link

nil1511 commented Feb 19, 2026

Thanks for the context! @cipolleschi That's a valid concern about changing a global default.

That said, it's worth noting that React Native iOS is actually an outlier here — all major platforms use significantly shorter boundaries: Chromium and Safari use 16 characters, Firefox uses 32, and React Native Android via OkHttp uses 36 (source). A 70-character boundary on iOS produces headers that exceed limits enforced by several enterprise security policies.

Would the project be open to aligning iOS with Android by adopting a 36-character boundary to match OkHttp? This would improve cross-platform consistency within React Native itself, follow established precedent from widely adopted runtimes, and broadly benefit users without requiring per-app security configuration for enterprises.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. Shared with Meta Applied via automation to indicate that an Issue or Pull Request has been shared with the team.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants

Comments